[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage cinder, glance and nova for buster LTS (CVE-2022-47951)

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
808b9e9b by Chris Lamb at 2023-01-30T09:48:29-08:00
data/dla-needed.txt: Triage cinder, glance and nova for buster LTS (CVE-2022-47951)

- - - - -
d531f8c9 by Chris Lamb at 2023-01-30T09:50:19-08:00
Triage CVE-2022-37705 in amanda for buster LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -40583,6 +40583,7 @@ CVE-2022-37705
 	RESERVED
 	- amanda <unfixed> (bug #1029829)
 	[bullseye] - amanda <no-dsa> (Minor issue)
+	[buster] - amanda <no-dsa> (Minor issue)
 	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37705
 	NOTE: https://github.com/zmanda/amanda/issues/192
 	NOTE: https://marc.info/?l=amanda-hackers&m=167437716918603&w=2


=====================================
data/dla-needed.txt
=====================================
@@ -40,6 +40,9 @@ ceph
   NOTE: 20221130: https://lists.debian.org/debian-lts/2022/11/msg00025.html  (zigo/maintainer)
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/ceph.git
 --
+cinder
+  NOTE: 20230130: Same issue in cinder, glance and nova packages: claim all three? (lamby)
+--
 consul
   NOTE: 20221031: Programming language: Go.
   NOTE: 20221031: Concluded that the package should be fixed by the CVE description. Source code not analyzed in detail.
@@ -67,6 +70,9 @@ fusiondirectory
   NOTE: 20221203: Also the package was removed from sid recently (gladk).
   NOTE: 20221203: Feel free to marke both CVEs as <ignored>, if they are not too serious (gladk).
 --
+glance
+  NOTE: 20230130: Same issue in cinder, glance and nova packages: claim all three? (lamby)
+--
 golang-1.11
   NOTE: 20220916: Programming language: Go.
   NOTE: 20220916: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't)
@@ -193,6 +199,9 @@ nodejs
   NOTE: 20221105: Source code not checked. It may be so that the vulnerability is not present in buster.
   NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/nodejs.html
 --
+nova
+  NOTE: 20230130: Same issue in cinder, glance and nova packages: claim all three? (lamby)
+--
 nvidia-graphics-drivers
   NOTE: 20221225: Programming language: binary blob.
   NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f27ad5bf6c924d953d77eba49e61f81be20853b7...d531f8c9811677791b77e068f6b3355424c7ad4b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f27ad5bf6c924d953d77eba49e61f81be20853b7...d531f8c9811677791b77e068f6b3355424c7ad4b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230130/a25218b0/attachment-0001.htm>